Privacy Policy
Last updated: January 2026
Introduction
Hindsight ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical portfolio management service.
We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Information We Collect
Personal Information
We may collect the following personal information:
- Name and professional credentials (e.g., GMC number)
- Email address
- Professional information (specialty, grade, place of work)
- Account credentials
- Payment information (processed securely through our payment provider)
Portfolio Data
When you use our service, we collect and store:
- CPD entries and reflections
- Significant event analyses
- Personal development plans
- Appraisal preparation documents
- Writing style samples (used to personalise AI assistance)
Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device information
- Usage data and analytics
How We Use Your Information
We use your information to:
- Provide and maintain our service
- Personalise AI-generated content to match your writing style
- Process payments and manage your subscription
- Send important service updates and notifications
- Improve our service through aggregated analytics
- Respond to your enquiries and provide customer support
- Comply with legal obligations
Legal Basis for Processing
We process your personal data based on:
- Contract: Processing necessary to provide our service to you
- Legitimate interests: To improve our service and communicate with you
- Consent: Where you have given explicit consent
- Legal obligation: Where required by law
Data Storage and Security
Your data is stored on secure servers located within the United Kingdom and the European Economic Area. We implement industry-standard security measures including:
- Encryption of data in transit and at rest
- Regular security audits and penetration testing
- Strict access controls and authentication
- Regular backups with secure storage
AI and Your Data
Our AI features are designed with privacy in mind:
- Your writing samples are used only to personalise your experience
- We do not use your data to train general AI models
- AI-generated content is created specifically for you and is not shared
- You can request deletion of your style profile at any time
Data Sharing
We do not sell your personal data. We may share data with:
- Service providers: Who help us operate our service (hosting, payment processing)
- Legal authorities: When required by law or to protect our rights
All third-party service providers are contractually bound to protect your data and use it only for specified purposes.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. You can request deletion of your account and associated data at any time.
Certain data may be retained for longer periods where required by law (e.g., financial records for tax purposes).
Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request limitation of data processing
- Portability: Receive your data in a portable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent
To exercise any of these rights, please contact us at privacy@hindsight.health.
Cookies
We use essential cookies to provide our service and optional analytics cookies to understand how our service is used. You can manage your cookie preferences through your browser settings.
Children's Privacy
Our service is intended for medical professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. The updated policy will be effective when posted.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@hindsight.health
- Post: Hindsight, Data Protection Officer, [Address]
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.
By using Hindsight, you acknowledge that you have read and understood this Privacy Policy. For our complete terms, please see our Terms of Use.